Five Ways Facebook May Advance the OpenID Movement
For the past two years, I’ve been a vocal advocate of OpenID and a big believer that OpenID and the rest of the “open stack” will bring about a Social Web characterized by interoperability, data portability, and user control. As a self-appointed evangelist for OpenID, I have often blogged on the topic or been quoted in articles covering the progress of OpenID. So when Facebook announced on Thursday that they were joining the OpenID Foundation, Justin reached out to me, asking if I’d like to do a guest post on how Facebook might contribute to OpenID. I was honored and eager to oblige, as I think this is truly a watershed moment for the industry. And so, here are five specific ways I believe that Facebook may advance the OpenID movement…
1) Continue to share insights from Facebook Connect. One of the highest priorities of the OpenID community is improving the user experience (based on the usability problems of early implementations). Facebook Connect is a great existence proof that third-party sign-on can be done in a way that is not confusing to mainstream users. Folks from Facebook came to the first OpenID User Experience (UX) Summit last Fall and were very open with how they developed and refined the UX for Facebook Connect, based on usability testing. And tomorrow, Facebook is hosting the follow-up to the UX summit, an “OpenID Design Workshop” at Facebook HQ in Palo Alto. Ongoing sharing of lessons learned from Facebook Connect will be invaluable to the OpenID community. This isn’t to say that OpenID should blindly adopt what Facebook has done, but blending the best of Connect with the distributed nature of OpenID is clearly a great idea.
2) Directly contribute to the evolution of OpenID spec. Beyond just sharing insights that others can translate into code, Facebook can directly contribute to the evolution of the OpenID specifications. Becoming a corporate member of the OpenID Foundation and naming Luke Shepard their representative sends a strong signal that they intend to do just that. As Mike Schroepfer says in the official blog post, “It is our hope that we can take the success of Facebook Connect and work together with the community to build easy-to-use, safe, open and secure distributed identity frameworks for use across the Web.” I believe Facebook is committed to helping OpenID realize its potential, and will be an active participant in the OpenID community’s open specification process going forward.
3) Become an OpenID “Provider”. Another great way for Facebook to contribute to the evolution of OpenID would be to launch an implementation of the spec ASAP. They can start by becoming an OpenID Provider, opening the door for a variety of experiments, like the one announced recently between Google and Plaxo, which is currently testing a “hybrid approach” to two-click signup that strings together OpenID, OAuth, and the Google Contacts API. Being an OpenID Provider would complement, rather than distract from Facebook Connect, which allows for more elegant and rich integrations with Facebook.
4) Re-write Facebook Connect atop the Open Stack. A great litmus test for OpenID and the other pieces of the Open Stack (OAuth, Portable Contacts, XRD, and OpenSocial), is whether a social network could use these open spec building blocks as a foundation for build something like Facebook Connect. Who better to do that, than Facebook? If Facebook embarked on that mission, it could very well offer the fastest path to progress. Working together, I believe we could see an Open Stack version of Facebook Connect by the end of the year. This aligns really well with Facebook’s vision to increase the “amount of sharing and openness” in the world, by advancing the technologies that, when widely deployed, will lower the cost of doing both.
Also, I’d be remiss if I did not give props to the folks at MySpace, who are rolling out a completely Open Stack approach under the MySpaceID brand, wrapping OpenID, OAuth, XRD, Portable Contacts, microformats, and OpenSocial into a powerful and consumer-friendly package.
5) Become an OpenID Relying Party (a site that accepts OpenID). In 2008, we saw Yahoo, Google, Microsoft, and MySpace become OpenID Providers, adding considerable momentum for the movement. That said, even though there are over half a billion OpenID accounts and more than 30,000 sites that accept OpenID, we are not yet at point where you can sign up for Yahoo services with your Google OpenID or sign up for Microsoft services with your AOL OpenID. In other words, we need to see more of the big players not just offer, but also accept OpenID. How cool would it be to see Facebook take a leadership role here? Maybe when Plaxo, a relying party that accepts OpenID from providers large and small, announces early results of their “hybrid” experiment with Google on tomorrow, there might even be a clear and compelling business case for becoming a relying party! (Wink, wink.)
And none of this would actually be radical. After all, Facebook was, broadly speaking, one of the first mainstream “relying parties,” deferring the notion of identity to select top-tier universities in the early days of the service. Back then, one could not even sign up for Facebook without an email address from Harvard, Stanford, or a short list of other trusted identity providers.
Only time will tell how far down the Open Stack pathway Facebook will go. But by joining the OpenID Foundation and fully engaging with the community process, Facebook has already made a major contribution. I think it is now a lot harder to believe that OpenID has failed or will fail. Quite the contrary. With Facebook jumping on board and rowing alongside MySpace, Google, Yahoo, Microsoft, Plaxo, Six Apart, and many others, our collective optimism for OpenID surely should be rising.